fix(api): update cors settings for public route
sws2apps-admin authored Dec 3, 2022
1 parent 46c7ad7 commit c496b11
Showing 2 changed files with 17 additions and 8 deletions.
4 changes: 2 additions & 2 deletions package-lock.json


21 changes: 15 additions & 6 deletions src/app.js
@@ -23,7 +23,7 @@ import { updateTracker } from "./middleware/update-tracker.js";
import { errorHandler, getAppVersion, getRoot, invalidEndpointHandler } from "./controllers/app-controller.js";

// allowed apps url
var whitelist = [
const whitelist = [
"https://alpha-sws-pocket.web.app",
"https://alpha-sws-pocket.firebaseapp.com",
"https://sws-pocket.web.app",
@@ -36,15 +36,25 @@ var whitelist = [
"https://sws2apps-tools.firebaseapp.com",
];

var corsOptionsDelegate = function (req, callback) {
const allowedUri = ["/app-version", "/api/public/source-material"];

const corsOptionsDelegate = function (req, callback) {
var corsOptions;

if (process.env.NODE_ENV === "production") {
const reqOrigin = req.header("Origin");
if (reqOrigin) {
if (whitelist.indexOf(reqOrigin) !== -1) {
corsOptions = { origin: true }; // reflect (enable) the requested origin in the CORS response
} else {
corsOptions = { origin: false }; // disable CORS for this request
const originalUri = req.headers["x-original-uri"];

if (originalUri === "/") {
corsOptions = { origin: true }; // allow CORS for index route
} else {
const allowed = allowedUri.find((uri) => uri.startsWith(originalUri)) ? true : false;
corsOptions = { origin: allowed };
}
}
} else {
corsOptions = { origin: false };
@@ -93,11 +103,10 @@ app.use("/api/admin", adminRoute);
app.use("/api/sws-pocket", swsPocketRoute);
app.use("/api/public", publicRoute);

app.get("/", getRoot);

// get app version for shields.io
app.get("/app-version", getAppVersion);

app.get("/", getRoot);

// Handling invalid routes
app.use(invalidEndpointHandler);

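Review bot: In the new else branch of `corsOptionsDelegate`, `allowedUri.find((uri) => uri.startsWith(originalUri))` tests the prefix in the wrong direction: it asks whether an allowed path starts with the header value, so a short value such as `/api` or an empty string is accepted and `origin: true` then reflects an origin that is not on the whitelist, while `/app-version?x=1` is refused. Match the request path against the list instead, for example `const allowed = typeof originalUri === "string" && allowedUri.some((uri) => originalUri === uri || originalUri.startsWith(uri + "?"));`. The decision also rests on the `x-original-uri` request header, and the page does not show what sets it; presumably a reverse proxy overwrites it on every request, which should be confirmed and stated in a comment above the lookup, since otherwise the value is whatever the client sends. The delegate's body continues past the end of this hunk.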
